Hackers target South Korea’s military and government activities

A study by McAfee Labs has revealed that hackers behind cyber attacks in South Korea earlier this year have also targeted the country’s military and government activities.

The cyberattack in March this year caused a significant amount of damage to the affected organisations by wiping the hard drives of tens of thousands of computers, McAfee found.

The attack, known first as Dark Seoul and now as Operation Troy, took electronic banking sites and ATM networks offline.

McAfee Labs revealed that one of the primary goals of the group was a covert military spying operation that attempted to target military forces in South Korea.

The security firm has also found the covert development of military-espionage malware during a four-year period carried out by the same actors responsible for Dark Seoul and the recent attacks of 25 June.

McAfee researchers Ryan Sherstobitoff, Itai Liba, and James Walte said: "McAfee Labs can connect the Dark Seoul and other government attacks to a secret, long-term campaign that reveals the true intention of the Dark Seoul adversaries: attempting to spy on and disrupt South Korea’s military and government activities."

The researchers said since 2009 the attackers have attempted since to install the capability to destroy their targets using an master boot record (MBR) wiper component, as seen in the Dark Seoul incident.

"From our analysis we have established that Operation Troy had a focus from the beginning to gather intelligence on South Korean military targets. We have also linked other high-profile public campaigns conducted over the years against South Korea to Operation Troy, suggesting that a single group is responsible," the researchers said.